Critical Logic Bypass "Intended Behavior" Full System Access
Hello, I am a developer and security researcher. I am disclosing a significant logic bypass within the Google VRP (Vulnerability Reward Program).

The Effort & The Logic: I want to emphasize how much effort and detailed information it takes for a researcher to get a report "Triaged" by a company like Google. After providing extensive data and technical proofs, the report was successfully moved to the triage stage.

The Action: However, after "3x/TS" processing, the TS report was abruptly closed without any logical explanation and dismissed as "Intended Behavior." Immediately after this, my terminal access was locked.

My Appeal to the Community: As a developer community, I ask you to judge this: Is it logical or fair for a major company to accept a report into triage (acknowledging its validity), only to close it without valid reasoning and lock the researcher out?

I am releasing this for educational purposes and to let the expert community verify the logic bypass. I have documented everything—the triage, the closure, and the terminal lock—on my GitHub here: https://github.com/shibu1r2i3n4ibiswas-eng/google-security-bypass?tab=readme-ov-file#google-security-bypass-evidence